DNS hijacked on GoDaddy?

I thought GoDaddy was an industry pariah, avoided by anyone who knows anything. What's the motivation to use them beyond saving a few dollars? Do they have a monopoly on certain domains?

Back when I was a college student, my popular video game wiki&#x27;s domain [1] was stolen by a former associate of mine while I was overseas.<p>Godaddy did nothing to help the situation, and the thief had substantial monetary resources and threatened to get me tied up in court. He was ten years older, had an engineering income, and came from a family of lawyers. I was just a college student and felt powerless to do anything about it.<p>I assume it was social engineering. He had access to the server and database, but was never supposed to have domain name access.<p>Godaddy sucks.<p>Also, their founder kills elephants for sport. So there&#x27;s that too.<p>[1] strategywiki.org

Honestly, it seems like this headline pops up at least once per year. I switched to another registrar close to a decade ago because of security concerns.

Something doesn&#x27;t add up here.<p>His nameservers have been set to DigitalOcean servers for well over a year. A GoDaddy rep wouldn&#x27;t be able to change MX records on those nameservers. They would have to change the nameservers on his domain to GoDaddy servers and then add new MX records. That&#x27;s more than just a simple MX record change and seems more unlikely to me.<p>Perhaps his DigitalOcean account was compromised?

Wonder if this is any way related to the 13 hour outage[1] at Wasabi storage related to GoDaddy?<p>[1] <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=25567294" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=25567294</a>

What registrar do people recommend these days for domain registration that&#x27;s (more?) secure against domain theft attack vectors? Namecheap? Gandi? MarkMonitor? One of the cloud providers?

I think it boils down to a shitty employee at the end of the day.<p>If you have someone who decides to cut even 1 corner, it can be devastating to a domain owner.<p>I have hundreds of clients who have used them, and I&#x27;ve never been on the phone with GoDaddy and had them do any less than tell me to bug off if I don&#x27;t have a pin or get the 2-factor auth code to verify myself.

Reading the Twitter thread, what&#x27;s the current best security practices for email addresses? Because I thought getting your own domain was the better thing to do but it seemed in this case using a Gmail address would have been better?

Will 2FA and having a customer support PIN set up prevent this hijacking with GoDaddy?

So the big shots in crypto still don&#x27;t understand how to secure their coins?